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DETAILED ACTION 



1 . Claims 1 - 24 have been presented for examination. Claims 1 , 6, 9, 1 4, 1 7 and 
22 have been amended in an amendment filed 10/20/2005. 



Response to Arguments 

2. Applicant's arguments filed on 10/20/2005 with respect to the subject matter of 
the instant claims have been fully considered but are not persuasive. 

3. As per claim 1, Applicant remarks: "as if Savil is being relied upon as teaching 
the two security context, it is not possible for Wu to teach aggregating these 
security contexts as it doesn't teach such security contexts (which are instead 
alleged to be taught bt Savill)" - Page 6, 2 nd Para. Examiner notes Applicant's 
arguments have been fully considered but are not persuasive because whether 
only the Savill reference or both of Savill and Wu references teach the two 
security contexts does not violate the prosecution of 103 rejection and the focus 
should be merely placed on that the primary reference of Savill does not teach 
aggregating these security contexts as the facts pointed out in the Office action. 

4. As per claim 1 , Applicant remarks: "Wu does not teach generating / aggregating 
a second security context in response to a second user authentication, as thev 
pertain to the actual authentication service that is to be invoked " (Page 6)". 
Examiner notes Applicant's arguments have been fully considered but are not 
persuasive because (a) Applicant's argument has no merit since the alleged 
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limitation has not been recited into the claim. Although the claims are interpreted 
in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1 181 , 26 USPQ2d 1057 (Fed. Cir. 1993); 
(b) besides, Wu teaches the method manages the authentications of a user any 
number of authentication services (Wu: Column 1 3 Line 39 - 41 : i.e. multiple 
authentication services) and, Wu also teaches those methods, as stated above, 
that indeed invoke underlying similar methods of an account service that 
performs the actual getting and setting of the account validation attributes (Wu: 
Column 15 Line 20 - 23), and as such Wu does teach generating / aggregating a 
second security context in response to a second user authentication regardless 
whether it is managed in a pre-existing manner or not. Therefore, applicant's 
arguments are respectfully traversed. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or 
with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the 
inventor of carrying out his invention. 

5. Claims 6, 14 and 22 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. 
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The new amendment of claim limitation of claim 6, 14 and 22 filed on 10/20/2005 
" by a user who issued the user logoff ' is not enabled by the specification. As 
understood by the examiner after reviewing the specification (Page 3 Line 8-12, Page 
8 Line 7-10, and Page 1 3 Line 1 6 - 23), a user who just issued the user logoff, as 
recited in the claim limitation, is interpreted as the second user entity (e.g. as a system 
administrator) that actually issued the logoff; however, to access security protected 
resource , after user logoff, is indeed based upon the first user entity (e.g. as a 
engineering staff) after the second user security context has been destroyed upon 
logoff. Therefore, the claim limitation "by a user who issued the user logoff" is unclear 
and as such is not enabled by one skilled in the art to which it pertains, or with which it 
is most nearly connected, to make and/or use the invention 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1 . Claim 1 - 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Savill (Where can I find a Unix su like utility?) and in view of Wu (U.S. Patent Number 
5,774,551), hereinafter referred to as Wu. 
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As per claims 1, 9 and 17, Savill discloses an authentication method, product and 
system comprising: 

generating a first security context in response to a first user authentication (Savill: 
Page 1 Line 2: the low privileged account is interpreted as the 1 st security context), 

generating a second security context in response to a second user authentication 
(Savill: Page 1 Line 3: the higher privileged account related to system administrative 
work is interpreted as the 2 nd security context); 

However, Savil does not disclose expressly said second security context 
aggregates said first security context and a security context corresponding to an identity 
in said second user authentication. 

Wu teaches said second security context is an aggregate of said first security 
context and a security context corresponding to an identity in said second user 
authentication (Wu: Column 6 Line 65 Column 7 Line 1: stacking multiple authentication 
services as taught by Wu is interpreted as aggregating first security context into the 
second security context). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Wu within the system of Savil because 
(a) Savil discloses the needs of multiple login due to different type of works associated 
with the same personnel, and (b) Wu teaches providing a simplified login embodiment 
using automatic multi-login (i.e. unified logon) so that the same personnel need not 
manually login multiple times for different types of works, which is substantially 
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improves in the ease of use of otherwise complex computer security systems (Wu: 
Column 3 Line 56 - 57 and Column 4 Line 25 - 28). 

As per claims 2, 10, and 18, Savil as modified teaches the claimed invention as 
described above (see claim 1, 9 and 17, respectively). Wu further teaches: saving said 
first security context (Wu: Column 3 Line 56 - 57). 

As per claims 3, 1 1, and 19, Savil as modified teaches the claimed invention as 
described above (see claim 2, 10 and 18, respectively). Wu further teaches: saving 
said first security context comprises the step of pushing said first security context on a 
stack (Wu: Column 6 Line 64 - 67 and Column 7 Line 1 - 4). 

As per claims 4, 12, and 20, Savil as modified teaches the claimed invention as 
described above (see claim 1, 9 and 17, respectively). Savil further teaches: receiving a 
user logoff (Savil: Page 1 Line 4). 

As per claims 5, 13, and 21, Savil as modified teaches the claimed invention as 
described above (see claim 4, 12 and 20, respectively). Wu further teaches: destroying 
said second security context in response to said step of receiving said user logoff (Wu: 
Column 1 9 Line 60 - 64). 



Application/Control Number: 09/731 ,623 Page 7 

Art Unit: 2131 

As per claims 6, 14 and 22, Savil as modified teaches the claimed invention as 
described above (see claim 2, 10 and 18, respectively). Savill teaches reverting to said 
first security context in response to a user logoff, wherein said first security context is 
then used to access security protected resources by a user who issued the user logoff 
(Savill: Line 1 - 5: Savil teaches allowing the user to just temporarily start the higher 
privileged account related to system administrative work so that the user can avoid 
closing all open application at logoff - Examiner notes the low privileged account (i.e. 
the first security context) is still active upon the logoff of temporary higher privileged 
account such as system administrative work, which is also widely used in the field in 
UNIX systems). 

As per claims 7, 15 and 23, Savil as modified teaches the claimed invention as 
described above (see claim 6, 14 and 22, respectively). Savill as modified further 
teaches reverting to said first security context comprises the step of popping said first 
security context off of a stack (Savill: Page 1 Line 4; Wu: Column 6 Line 65). 

As per claims 8, 16, and 24, Savil as modified teaches the claimed invention as 
described above (see claim 1, 9 and 17, respectively). Wu further teaches: determining 
an access permission in response to said second security context (Wu: Column 3 Line 
1 1 - 1 4 and Column 6 Line 1 7 - 22. TABLE 1 , Column 1 7 Line 40 - 44, Column 1 0 Line 
33 - 35 and Column 1 9, Line 54 - 56). 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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